DO $$
BEGIN
  -- 1. Ensure table exists
  IF NOT EXISTS (
    SELECT 1 FROM information_schema.tables 
    WHERE table_schema = 'public' AND table_name = 'task_activity_logs'
  ) THEN
    RAISE NOTICE 'table task_activity_logs does not exist; skipping policy creation';
    RETURN;
  END IF;

  -- 2. Enable row level security (idempotent)
  EXECUTE 'ALTER TABLE IF EXISTS public.task_activity_logs ENABLE ROW LEVEL SECURITY';

  -- 3. Drop existing policies to ensure idempotency
  -- (PostgreSQL handles IF EXISTS perfectly here, no need for complex catalog queries)
  EXECUTE 'DROP POLICY IF EXISTS allow_auth_inserts_all ON public.task_activity_logs';
  EXECUTE 'DROP POLICY IF EXISTS allow_service_role_all ON public.task_activity_logs';

  -- 4. Create a permissive INSERT policy for authenticated users
  -- (Removed USING clause, as FOR INSERT only accepts WITH CHECK)
  EXECUTE 'CREATE POLICY allow_auth_inserts_all ON public.task_activity_logs 
           FOR INSERT TO authenticated WITH CHECK (true)';

  -- 5. Create a permissive ALL policy for the service_role
  -- (Corrected TO clause from 'authenticated' to 'service_role')
  EXECUTE 'CREATE POLICY allow_service_role_all ON public.task_activity_logs 
           FOR ALL TO service_role USING (true) WITH CHECK (true)';

END
$$;